(54) Peripheral equipment and management method thereof

(57) When managing a job inputted via a network or
a console according to a job management command issued
likewise via the network or the console, peripheral
equipment managed by a directory server connected via
the network decrypts an access ticket included in the
job, decrypts the access ticket included in the job
management command, and manages the job according to
the decrypted contents of the access ticket included in
the job and the access ticket included in the job
management command.
Description

BACKGROUND OF THE INVENTION

Field of the Invention

[0001] The present invention relates to management of use of peripheral equipment such as a printer, a scanner, a
copier and a facsimile.

Related Background Art

[0002] In the past, it was possible, in the peripheral equipment such as a printer, a copier, a facsimile (FAX) and a
scanner, to perform management of jobs (displaying a job list, canceling a specified job and so on) of which operation
or execution is pending in the equipment from a computer connected to the equipment via a console of the equipment
or a network and so on.

[0003] In addition, in the past, the peripheral equipment such as the copier and the facsimile performed user
authentication, in order to perform user information management, by displaying a dialog for performing user authentication
on the console and having user information inputted thereon. The user information obtained here was checked against
a database of the user information managed inside the equipment so that use permission of the user was issued in
the case where they coincided. Moreover, in the case where some printing was performed as a result of user operation,
the number of prints was logged together with the user information obtained on a login or accumulated on a counter
for each user so as to manage the number of prints for each user.

[0004] In addition, in the past, the peripheral equipment such as the printer and the copier performed, by discrete
devices, management of the numbers of prints such as management of the accumulated number of prints for each
user and limitation by the maximum number of prints. In this case, it was performed by providing in the equipment a
counter for representing the accumulated printing, and ending printing or refusing to accept a job when this value
becomes a predetermined value.

SUMMARY OF THE INVENTION

[0005] Therefore, an object of the present invention is, in terms of job management in a network environment, to
provide peripheral equipment, an information processing apparatus, a peripheral equipment control system, a
management method, management software and storage media that allow a unified access control. Another object of the
present invention is, in terms of job management in a network environment, to provide the peripheral equipment and
the management method thereof capable of performing the unified access control without deteriorating performance.

[0006] To attain the above objects, when managing the job inputted via the network or the console according to a
job management command issued likewise via the network or the console, the peripheral equipment of the present
invention managed by a directory server connected via the network decrypts an access ticket included in the job,
decrypts the access ticket included in the job management command, and manages the job according to the decrypted
contents of the access ticket included in the job and the access ticket included in the job management command.

[0007] Other objects and characteristics of the present invention will be clear from the following description and
drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0008]

FIG. 1 is a block diagram showing a configuration of a peripheral equipment control system according to a first
embodiment;

FIG. 2 is a block diagram showing a configuration of an MFP(1) and an MFP(2);

FIG. 3 is a block diagram showing a hardware configuration of a controller 11;

FIG. 4 is a block diagram showing the hardware configuration of a PC constituting a network system;

FIG. 5 is a diagram showing attribute information held by the MFP(1);

FIG. 6 is a flowchart showing a procedure for displaying and/or changing a user management mode of the MFP(1)
from a PC(1), a PC(2) and a PC(3);

FIG. 7 is a diagram showing a user interface screen displayed on a CRT 33 in a state of waiting for user-input in
a step S1705;

FIG. 8 is a flowchart showing an operating procedure for displaying and/or changing a directory server
corresponding to the MFP(1) from the PC(1), the PC(2) and the PC(3);

FIG. 9 is a diagram showing a user interface screen displayed on a CRT 33 in a state of waiting for user-input in a
step S1807;

FIG. 10 is a flowchart showing the procedure for displaying and/or changing how to permit a login from the PC(1),
the PC(2) and the PC(3) in the case where the MFP(1) cannot be connected to a directory server 6;

FIG. 11 is a diagram showing a user interface screen displayed on a CRT 33 in a state of waiting for user-input in
a step S2207;

FIG. 12 is a flowchart showing the procedure for issuing a print job, a scanner job, a fax transmission job and a
copy job from the PC(1), the PC(2) and the PC(3) to the MFP(1);

FIG. 13 is a flowchart following FIG. 12 for showing the procedure for issuing a print job, a scanner job, a fax
transmission job and a copy job from the PC(1), the PC(2) and the PC(3) to the MFP(1);

FIG. 14 is a flowchart showing the procedure for issuing a job in a step S403;

FIG. 15 is a flowchart showing the procedure for receiving a job submitting command when the MFP(1) receives
the job issued by the process in FIG. 14;

FIG. 16 is a flowchart following FIG. 15 for showing the procedure for receiving the job submitting command when
the MFP(1) receives the job issued by the process in FIG. 14;

FIG. 17 is a diagram showing a data structure of the job held in the MFP(1) as a result of the process in FIG. 14;

FIG. 18 is a flowchart showing the procedure of the job data held in the MFP(1) shown in FIG. 17;

FIG. 19 is a flowchart following FIG. 18 for showing the procedure of the job data held in the MFP(1) shown in
FIG. 17;

FIG. 20 is a flowchart showing a login procedure from an operation division of the MFP(1);

FIG. 21 is a flowchart following FIG. 20 for showing the login procedure from the operation division of the MFP(1);

FIG. 22 is a diagram showing the data structure of a user information cache;

FIG. 23 is a flowchart showing the procedure of a print pending job in steps S924 and S922;

FIG. 24 is a diagram showing the user interface screen displayed on an LCD 23 in a step S1104;

FIG. 25 is a flowchart showing the procedure when the MFP(1) receives an access command for obtaining or
setting individual attribute information from the PC(1), the PC(2) and the PC(3);

FIG. 26 is a flowchart following FIG. 25 for showing the procedure when the MFP(1) receives an access command
for obtaining or setting the individual attribute information from the PC(1), the PC(2) and the PC(3);

FIG. 27 is a flowchart showing the procedure for issuing a management command such as device management
or job management from the PC(1), the PC(2) and the PC(3) to the MFP(1);

FIG. 28 is a flowchart following FIG. 27 for showing the procedure for issuing a management command such as
device management or job management from the PC(1), the PC(2) and the PC(3) to the MFP(1);
FIG. 29 is a diagram showing the data structure of the management command;

FIG. 30 is a flowchart showing the procedure for MFP(1) to process the management command generated by the
process in FIG. 22 and sent to the MFP(1);

FIG. 31 is a flowchart following FIG. 30 for showing the procedure for MFP(1) to process the management command
generated by the process in FIG. 22 and sent to the MFP(1);

FIG. 32 is a flowchart showing the procedure for totaling the logs of the MFP(1) and the MFP(2) and updating the
permitted number of prints and the number of accumulated prints for each user of the directory server 6;

FIG. 33 is a flowchart showing a computing procedure for computing the permitted number of prints when it is
impossible to connect to the directory server in the step S923 in FIG. 17;

FIG. 34 is a flowchart following FIG. 33 for showing a computing procedure for computing the permitted number
of prints when it is impossible to connect to the directory server in the step S923 in FIG. 17;

FIG. 35 is a diagram showing the data structure of the management command generated by a management
command generation process mentioned later and sent to the MFP(1);

FIG. 36 is a diagram showing the data structure of an access ticket cache held in a RAM 22 of the MFP(1) by the
process of an access ticket setting command mentioned later;

FIG. 37 is a flowchart showing the procedure for MFP(1) to process the management command generated by a
management command generation process mentioned later and sent to the MFP(1);

FIG. 38 is a flowchart following FIG. 37 for showing the procedure for MFP(1) to process the management command
generated by the management command generation process mentioned later and sent to the MFP(1);

FIG. 39 is a flowchart showing the procedure for issuing a management command such as device management
or job management from the PC(1), the PC(2) and the PC(3) to the MFP(1) performing the process in FIG. 29;

FIG. 40 and FIG. 41 are flowcharts showing the procedure of the MFP(1) in the case where a copy job is started
from an operation panel of the MFP(1); and

FIG. 42 is an example of the data structure of information on a user logging into each client PC registered with
and managed by the directory server 6.
DESCRIPTION OF THE PREFERRED EMBODIMENT

[0009] Embodiments of the present invention will be described hereafter by referring to the drawings.

[0010] In the embodiments, peripheral equipment is a multi function printer, which is abbreviated as MFP in the
following description.

(First Embodiment) 

[0011] FIG. 1 is a block diagram showing a configuration of a peripheral equipment control system according to a
first embodiment. In the drawing, reference numerals 1 and 5 denote an MFP(1) and an MFP(2), respectively (hereafter
uniformly referred to as the MFP(1) 1 and the MFP(2) 5). In addition, reference numerals 2, 3 and 4 denote personal
computers described as a PC(1), a PC(2) and a PC(3), respectively (hereafter uniformly referred to as the PC(1) 2,
the PC(2) 3 and the PC(3) 4). The PC(1) 2, the PC(2) 3 and the PC(3) 4 are connected to the MFP(1) 1 and the
MFP(2) 5 by way of a network 10 or a local interface respectively. On the PC(1) 2, the PC(2) 3 and the PC(3) 4, peripheral
equipment control software related to the present invention operates and requests the MFP(1) 1 to process the jobs
such as a print, a scan, a copy or a fax transmission and reception or inquires about attribute information of the
MFP(1) 1 and the MFP(2) 5.

[0012] In addition, reference numeral 6 denotes a directory server having a centralized management function of user
information and device information on the network 10, and is comprised of a general purpose computer and so on.
This directory server 6 also has a KDC (Key Distribution Server) function in a Kerberos protocol (RFC1510) and issues
a TGT (Ticket Generation Ticket) ticket and an access ticket required for accessing a specified resource in compliance
with regulations of the Kerberos protocol.

[0013] Moreover, this directory server 6 is supposed to have an MFP(1) 1 and an MFP(2) 5 already registered. This
data can be referred to and updated from a PC(1) 2 and a PC(2) 3 by using an LDAP protocol (RFC1777). Each piece
of the user information managed in the directory server 6 includes a user name, a password, the permitted number of
prints of the user and the accumulated number of prints of the user. In addition, each piece of the device information
managed in the directory server 6 includes a device name and a cryptograph key.

[0014] The users using the PC(1) 2, the PC(2) 3 and the PC(3) 4 are registered with and managed by the directory
server 6 as network users, and may use network resources such as various application servers (not shown) on the
network 10 and the peripheral equipment including the MFP(1) 1, the MFP(2) 5 and so on managed by the directory
server 6.

[0015] FIG. 2 is a block diagram showing a configuration of the peripheral equipment (the MFP(1) 1 and the
MFP(2) 5). In the diagram, reference numeral 11 denotes a controller for controlling the peripheral equipment. Reference
numeral 12 denotes a communication interface for the controller 11 to communicate with the outside of the peripheral
equipment, which is an Ethernet interface, an IEEE1284 interface or another communication interface for instance.

[0016] Reference numeral 13 denotes a scanner engine and is controlled by the controller 11. Reference numeral
14 denotes a printer engine and is controlled by the controller 11, and for instance, it is a laser beam printer, an ink jet
printer or another printer.

[0017] Reference numeral 15 denotes a FAX board for implementing a FAX function of performing communication
control such as sending and receiving images, and is controlled by the controller 11. Reference numeral 16 denotes
a user interface comprised of an LCD display and a keyboard, and displays information from the controller 11 and
communicates an instruction from the user to the controller 11.

[0018] The peripheral equipment having such a configuration selects a printer engine 14 and allows a print job to be
issued. In addition, it selects the printer engine 14 and a scanner engine 13 to allow a copy job to be issued. Moreover,
it selects the printer engine 14, the scanner engine 13 and the FAX board 15 to allow a FAX reception job and a FAX
transmission job to be issued.

[0019] FIG. 3 is a block diagram showing a hardware configuration of the controller 11. The controller 11 is mutually
connected via a system bus 20 with a CPU 21, a RAM 22, an LCD 23, a keyboard 24, a ROM 25, a communication
interface 26, a scanner engine 27, a printer engine 28, a FAX board 29 and a disk 30.

[0020] A program for controlling the controller 11 is stored in the ROM 25 or the disk 30, and is read by the RAM 22
as required and executed by the CPU 21. Also, the ROM 25 or the disk 30 has attribute information showing the
peripheral equipment and functions and states of the jobs to be processed by the peripheral equipment and job data
to be outputted and so on stored in addition to the control program. Moreover, the CPU 21 produces a display on the
LCD 23 and is instructed by the user from the keyboard 24. In addition, the CPU 21 performs communication with the
outside through the interface 26.

[0021] In the peripheral equipment (FIG. 2) according to this embodiment, unless specifically noted otherwise, the
CPU 21 receives the user-input from the keyboard 24 via the system bus 20 and controls the RAM 22, the LCD 23,
the ROM 25, the communication interface 26, the scanner engine 27, the printer engine 28, the FAX board 29 and the
disk 30.

[0022] FIG. 4 is a block diagram showing the hardware configuration of the PC constituting a network system. On
the PC, a CPU 31, a RAM 32, a CRT 33, a keyboard 34, a pointing device 35, a ROM 36, a disk 37 and a communication
interface 38 are mutually connected via a system bus 40. The program for controlling the PC is stored in the ROM 36
or the disk 37, and is read by the RAM 32 as required and executed by the CPU 31. Moreover, the CPU 31 produces
a display through the CRT 33 and is instructed by the user from the keyboard 34 and the pointing device 35. In addition,
the CPU 31 performs communication with the outside through the communication interface 38.

[0023] In the PC according to this embodiment, unless specifically noted otherwise, the CPU 31 receives the
user-input from the keyboard 34 or the pointing device 35 via the system bus 40 and controls the RAM 32, the CRT 33, the
ROM 36, the disk 37 and the communication interface 38. In addition, the user's instruction to the MFPs and display
of information to the user may be performed either through a local user interface 16 or through the device to be a client
connected to the network 10 such as the PC(1) 2, the PC(2) 3 and the PC(3) 4.

[0024] FIG. 5 is a diagram showing the attribute information held by the MFP(1) 1. While the MFP(2) 5 has the same
data structure as the MFP(1) 1, values held thereby are different. Such information is held by the ROM 25, the RAM
22 and the disk 30, and the individual attribute information may be obtained or set from the PC(1) 2, the PC(2) 3 and
the PC(3) 4 by the process mentioned later.

[0025] In the diagram, 301 is a "Supported User Management Mode List" attribute, and holds a plurality of values
as a list, that is, "No User Management," "Password," "User ID," "User ID and Password" and "Join Security Domain."

[0026] Reference numeral 302 denotes a "Current User Management Mode" attribute, and holds "Join Security
Domain" as the value. Reference numeral 303 denotes an "Adaptive Directory Server Type List" attribute, and holds a
plurality of values as the list, that is, "Standard LDAP Server," "Active Directory (MS)," "NDS (Novell)" and "Open LDAP."

[0027] Reference numeral 304 denotes a "Current Directory Server Type" attribute, and holds "Active Directory (MS)"
as the value. Reference numeral 305 denotes a "Current Directory Server IP Address" attribute, and holds
"123.56.54.21" as the value. Reference numeral 306 denotes a "Cryptograph key" attribute, and holds "0x34q4bffcdca001"
as the value. This value becomes effective in the case where the "Current User Management Mode" attribute is "Join
Security Domain," and is used to interpret the access ticket issued from the directory server 6.

[0028] Reference numeral 307 denotes a "Permission to Use in case of Inaccessible Directory Server" attribute, and
holds "TRUE" as the value. Reference numeral 308 denotes a "Limit Types for Use in case of Inaccessible Directory
Server" attribute, and holds a plurality of values as the list, that is, "No Limit," "Time," "Time and Fixed Max No. of
Prints," "Time and Max No. of Prints," "Fixed Max No. of Prints," "Max No. of Prints" and "For each Login."

[0029] Reference numeral 309 denotes a "Current Limit Types for Use in case of Inaccessible Directory Server"
attribute, and holds "Time" as the value. Reference numeral 310 denotes a "Time Limit" attribute, and holds "48 Hours"
as the value. Reference numeral 311 denotes a "Daily Reduction Ratio of Max No. of Prints" attribute, and holds "30"
as the value. Reference numeral 312 denotes a "Max No. of Prints" attribute, and holds "100" as the value. Reference
numeral 313 denotes a "Max No. of Prints for each Login" attribute, and holds "20" as the value.

[0030] FIG. 6 is a flowchart showing the procedure for displaying and/or changing a user management mode of the
MFP(1) 1 from the PC(1) 2, the PC(2) 3 and the PC(3) 4. This processing program runs on the PC(1) 2, the PC(2) 3
and the PC(3) 4. First, it obtains attribute information 301 of the MFP(1) 1 (step S1701). This attribute information is
obtained by sending an attribute acquisition command from the PC(1) 2, the PC(2) 3 and the PC(3) 4 to the MFP(1) 1
and processing this command on the MFP(1) 1. And it displays the obtained attribute information on the CRT 33 (step
S1702). Furthermore, it obtains a "Current User Management Mode" attribute 302 that is the attribute information (step
S1703) and displays it on the CRT 33 (step S1704).

[0031] It waits for the user-input (step S1705), and sets the "Current User Management Mode" attribute 302 that is
the attribute information (step S1706) according to the user-input to finish the process. This attribute information is set
by sending an attribute setting command from the PC(1) 2, the PC(2) 3 and the PC(3) 4 to the MFP(1) 1 and processing
this command on the MFP(1) 1.

[0032] FIG. 7 is a diagram showing a user interface screen displayed on the CRT 33 in the state of waiting for
user-input in a step S1705. In the diagram, 101 indicates a list of the user management modes (attribute 301) that can be
selected by the user. The attribute 302 of the currently set user management mode is in reverse video in 102 in the
diagram. The user selects a desired user management mode and puts it in reverse video, and presses an OK button
103 to execute the process of the step S1706 and perform setting of the user management mode.

[0033] Moreover, the procedure in FIG. 6 may be performed by, instead of the PCs, the controller 11 of the MFP(1)
1 itself of which user management mode is to be changed, and the display in FIG. 7 may also be performed on the
user interface 16 included in the MFP. It may also be performed and/or displayed on the other MFP(2) 5.

[0034] FIG. 8 is a flowchart showing an operating procedure for displaying and/or changing a directory server
corresponding to the MFP(1) 1 from the PC(1) 2, the PC(2) 3 and the PC(3) 4. This procedure is performed on the PC(1)
2, the PC(2) 3 and the PC(3) 4.

[0035] First, attribute information 303 is obtained (step S1801). This attribute information is obtained by sending the
attribute acquisition command from the PC(1) 2, the PC(2) 3 and the PC(3) 4 to the MFP(1) 1 and processing this
command on the MFP(1) 1 following the procedure mentioned later. And the obtained attribute information is displayed
on the CRT 33 (step S1802).

[0036] Furthermore, attribute information 304 is obtained (step S1803) and the obtained attribute information is
displayed on the CRT 33 (step S1804). Attribute information 305 is obtained (step S1805) and the obtained attribute
information 305 is displayed on the CRT 33 (step S1806).

[0037] The user-input is waited for (step S1807), and attribute information 304 and 305 is set according to the
user-input (step S1808). This attribute information is set by sending an attribute setting command from the PC(1) 2, the
PC(2) 3 and the PC(3) 4 to the MFP(1) 1 and processing this command on the MFP(1) 1 following the procedure mentioned
later.

[0038] FIG. 9 is a diagram showing the user interface screen displayed on the CRT 33 in the state of waiting for
user-input in a step S1807. In the diagram, 201 indicates the list of the directory server types (attribute 303) that can
be selected by the user. The currently set directory server type (attribute 304) is in reverse video in 202 in the diagram.
Moreover, an IP address 305 of the currently set directory server is displayed in an address division 203. The user
selects a desired directory server type and puts it in reverse video, inputs a desired IP address in the address division
203, and presses an OK button 204 to execute the process of the step S1808 and perform setting of the corresponding
directory server.

[0039] Moreover, the process shown in FIG. 8 may be performed by, instead of the PCs, the controller 11 of the
MFP(1) 1 itself of which set directory server is to be changed, and the display shown in FIG. 9 may also be performed by
the user interface 16 included in the MFP. It may also be performed and/or displayed on the other MFP(2) 5.

[0040] FIG. 10 is a flowchart showing the procedure for displaying and/or changing from the PC(1) 2, the PC(2) 3
and the PC(3) 4 how to permit a login in the case where the MFP(1) cannot be connected to the directory server 6.
This procedure is performed on the PC(1) 2, the PC(2) 3 and the PC(3) 4.

[0041] First, a "Limit Types for Use in case of Inaccessible Directory Server" attribute 308 that is the attribute
information is obtained (step S2201). The attribute information is obtained by sending the attribute acquisition command
from the PC(1) 2, the PC(2) 3 and the PC(3) 4 to the MFP(1) 1 and processing this command on the MFP(1) 1 following
the procedure mentioned later. And the obtained attribute information is displayed on the CRT 33 (step S2202).

[0042] A "Current Limit Type for Use in case of Inaccessible Directory Server" attribute 309 that is the attribute
information is obtained (step S2203) and the obtained attribute information is displayed on the CRT 33 (step S2204).
Furthermore, a "Permission to Use in case of Inaccessible Directory Server" attribute 307 that is the attribute information
is obtained (step S2205). The obtained attribute information is displayed on the CRT 33 (step S2206).

[0043] The user-input is waited for (step S2207), and attribute information 309 and 307 is set according to the
user-input (step S2208) to finish the process. The attribute information is set by sending the attribute setting command from
the PC(1) 2, the PC(2) 3 and the PC(3) 4 to the MFP(1) 1 and processing this command on the MFP(1) 1 following
the procedure mentioned later.

[0044] FIG. 11 is a diagram showing the user interface screen displayed on the CRT 33 in the state of waiting for
the user-input in a step S2207. In the diagram, 2102 indicates the contents of the "Limit Types for Use in case of
Inaccessible Directory Server" attribute 308, and the value of the "Current Limit Type for Use in case of Inaccessible
Directory Server" attribute 309 is in reverse video in 2103 in the diagram. Moreover, the value of the "Permission to
Use in case of Inaccessible Directory Server" attribute 307 is displayed in a check box 2101. The user performs a
desired setting and then presses an OK button 2104 to execute the process of the step S2208 and perform setting of
the attribute information.

[0045] Moreover, the process shown in FIG. 10 may be performed by, instead of the PCs, the controller 11 of the
MFP(1) 1 itself of which setting is to be changed, and the display shown in FIG. 11 may also be performed by the user
interface 16 included in the MFP. Furthermore, it may be performed and/or displayed on the other MFP(2) 5.

[0046] FIGS. 12 and 13 are flowcharts showing the procedure for issuing a print job, a scanner job, a fax transmission
job or a copy job from the PC(1) 2, the PC(2) 3 and the PC(3) 4 to the MFP(1) 1. This procedure is performed on the
PC(1) 2, the PC(2) 3 and the PC(3) 4.

[0047] First, the "Current User Management Mode" attribute 302 that is the attribute information held by the MFP(1)
1 is obtained (step S401). It is determined whether or not the value of the attribute information 302 is "No User
Management" (step S402). In the case where it is "No User Management" as a result of the determination, other information
required for the job is set on the job, and then the job is issued to the MFP(1) 1 (step S403). Then the process is finished.

[0048] On the other hand, in the case where it is "User Management" in the step S402, it is determined whether or
not the value of the attribute information 302 is "Password" (step S404). In the case where it is "Password" as a result
of the determination, the user interface screen prompting for the password is displayed on the CRT 33 (step S405).
And in the step S403, other information required for the inputted password and the job is set on the job, and then the
job is issued to the MFP(1) 1.

EP 1 193 593 A2

[0049] On the other hand, in the case where it is not "Password" as a result of the determination in the step S404,
it is determined whether or not the value of the attribute information 302 is "User ID" (step S406). In the case where it
is "User ID" as a result of the determination, the user interface screen prompting for the user ID is displayed on the
CRT 33 (step S407). And in the step S403, other information required for the inputted user ID and the job is set on the
job, and then the job is issued to the MFP(1) 1.

[0050] On the other hand, in the case where it is not "User ID" as a result of the determination in the step S406, it is
determined whether or not the value of the attribute information 302 is "User ID and Password" (step S408). In the
case where it is "User ID and Password" as a result of the determination, the user interface screen prompting for the
user ID and password is displayed on the CRT 33 (step S409). And in the step S403, other information required for
the inputted user ID, password and the job is set on the job, and then the job is issued to the MFP(1) 1.

[0051] On the other hand, in the case where it is not "User ID and Password" as a result of the determination in the
step S408, it is determined whether or not the user has already logged in to a security domain managed by the directory
server 6 on the PC being used (step S410). This determination is made by inquiring of an operating system of the PC
being used. In the case where the user has not logged in as a result of the determination, the user interface screen
prompting for the user ID and password is displayed on the CRT 33 (step S411), and the information is sent to the
directory server 6 by using the Kerberos protocol so as to obtain TGT (Ticket Generation Ticket) information (step S413).

[0052] On the other hand, in the case where the user has already logged in as a result of the determination in the
step S410, the TGT used in a current session is requested of the operating system and is obtained (step S412).

[0053] The TGT obtained in the step S412 or S413 is used to obtain the permitted number of prints information of
the user falling under the user name held by the operating system or the user name inputted in the step S411 from the
directory server 6 by the Kerberos protocol and the LDAP protocol (step S414).

[0054] It is determined thereafter whether or not the permitted number of prints is one or more (step S415), and in
the case where it cannot be printed since it is less than one as a result of the determination, the user interface screen
representing that the job cannot be issued is displayed on the CRT 33 (step S416) to finish the process.

[0055] On the other hand, in the case where printing is possible with the permitted number of prints of one or more
as a result of the determination in the step S415, the TGT obtained in the step S412 or S413 and a parameter of an
identifier identifying the MFP(1) 1 of the job issue destination are sent to the directory server 6 by the Kerberos protocol
to obtain the access ticket for the MFP(1) 1 (step S417). The access ticket obtained here has the information on the
user name, the user ID, the user's permitted number of prints and its expiration date that is encrypted by cryptograph
key attribute information 306 of the MFP(1) 1. A data format in the access ticket and encryption (algorithm) to be used
are uniquely determined in advance according to the currently corresponding directory server type (attribute information
304).

[0056] And the access ticket obtained in the step S417 and the other information required for the job are set on the
job, and then the job is issued to the MFP(1) 1 (step S418) to finish the process.
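
The access ticket of [0055] and the two-ticket job management of [0006], sketched as an added example that is not part of the patent text: a ticket carrying the four listed fields is sealed under one device's cryptograph key, and the device refuses tickets that are expired, modified or sealed for another device. Assumptions: the patent fixes no cipher or data format here, so an HMAC-SHA256 keystream with a MAC tag and JSON stand in for them; the same-user rule in `may_manage`, every function name, and all keys, users and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


class TicketError(Exception):
    """Raised when the device must refuse an access ticket."""


def _subkeys(device_key):
    # Derive separate encryption and MAC keys from the device's cryptograph key.
    enc = hmac.new(device_key, b"ticket-enc", hashlib.sha256).digest()
    mac = hmac.new(device_key, b"ticket-mac", hashlib.sha256).digest()
    return enc, mac


def _xor_keystream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def issue_ticket(device_key, user_name, user_id, permitted_prints, expires_at):
    """Directory-server side: seal the ticket fields under the target device's key."""
    enc_key, mac_key = _subkeys(device_key)
    body = json.dumps({
        "user_name": user_name,
        "user_id": user_id,
        "permitted_prints": permitted_prints,
        "expires_at": expires_at,
    }).encode()
    nonce = os.urandom(NONCE_LEN)
    sealed = nonce + _xor_keystream(enc_key, nonce, body)
    return sealed + hmac.new(mac_key, sealed, hashlib.sha256).digest()


def open_ticket(device_key, ticket, now):
    """Device side: authenticate, decrypt and check expiry; return the fields."""
    if len(ticket) <= NONCE_LEN + TAG_LEN:
        raise TicketError("truncated ticket")
    sealed, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
    enc_key, mac_key = _subkeys(device_key)
    expected = hmac.new(mac_key, sealed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Covers both a ticket sealed for another device and a modified ticket.
        raise TicketError("wrong device key or modified ticket")
    body = _xor_keystream(enc_key, sealed[:NONCE_LEN], sealed[NONCE_LEN:])
    fields = json.loads(body)
    if now >= fields["expires_at"]:
        raise TicketError("ticket expired")
    return fields


def may_manage(device_key, job_owner, command_ticket, now):
    """Decide whether a management command may act on a held job.

    job_owner holds the fields decrypted from the job's ticket when the job
    arrived. The same-user rule is an assumption of this example.
    """
    try:
        requester = open_ticket(device_key, command_ticket, now)
    except TicketError:
        return False
    return requester["user_id"] == job_owner["user_id"]


def refusal(device_key, ticket, now):
    """Return the refusal reason for a ticket, or None if it is accepted."""
    try:
        open_ticket(device_key, ticket, now)
    except TicketError as exc:
        return str(exc)
    return None


def demo():
    # Constructed keys, users and timestamps; none come from the page.
    key_mfp1, key_mfp2 = bytes(range(32)), bytes(range(32, 64))
    alice = issue_ticket(key_mfp1, "alice", 1001, 20, expires_at=2000)
    bob = issue_ticket(key_mfp1, "bob", 1002, 5, expires_at=2000)
    job_owner = open_ticket(key_mfp1, alice, now=1000)  # job arrives at MFP(1)
    tampered = alice[:20] + bytes([alice[20] ^ 0x01]) + alice[21:]
    return {
        "owner": job_owner,
        "expired": refusal(key_mfp1, alice, now=2000),
        "other_device": refusal(key_mfp2, alice, now=1000),
        "tampered": refusal(key_mfp1, tampered, now=1000),
        "owner_cancels": may_manage(key_mfp1, job_owner, alice, now=1500),
        "other_user_cancels": may_manage(key_mfp1, job_owner, bob, now=1500),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Because the ticket is sealed under a key shared only by the directory server and one device, the device can make the access decision from the ticket alone, and a ticket captured for the MFP(1) is of no use at the MFP(2).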

[0057] FIG. 14 is a flowchart showing the procedure for issuing the job in the step S403. First, the parameter of the
attribute setting command for the attribute required for the job is set (step S502). This parameter is comprised of an
attribute name of a setting subject and the value therefor. The attribute setting command created in the step S502 is
sent to the MFP(1) 1 (step S503). It is determined whether or not the setting of the required job attribute is completed
(step S504), and in the case where it is not completed, the process in the step S502 is repeated.

[0058] On the other hand, in the case where the setting of the required job attribute is completed in the step S504,
target data of job processing such as image data created by an application and so on is sent to this MFP by a job data
transmission command (step S505). A job submitting completion notice command showing completion of sending the
job submitting command is sent (step S506) to finish the process.

[0059] FIGS. 15 and 16 are flowcharts showing the procedure for receiving a job submitting command when the
MFP(1) 1 receives the job issued by the process in FIG. 14. This process is performed by the MFP(1) 1 each time the
command constituting the job is received.

[0060] The received command and its parameter are analyzed (step S601). As a result of this analysis, it is determined
whether or not the received command is the attribute setting command (step S602). In the case where the
received command is the attribute setting command, it is determined whether or not the attribute can be interpreted
by the MFP(1) 1 (step S603).

[0061] In the case where it can be interpreted, a pair of the specified attribute name and attribute value is stored as
the job data on the RAM 22 or the disk 30 according to the analysis results obtained in the step S601 (step S604) to
finish the process. On the other hand, in the case where it cannot be interpreted in the step S603, it is impossible to
set the attribute specified by the received attribute setting command, and so it is communicated in reply that the attribute
could not be set (step S616) to finish the process.

[0062] On the other hand, in the case where the received command is not the attribute setting command in the step
S602, it is determined whether or not the received command is the job data transmission command from the analysis
results obtained in the step S601 (step S611). In the case where it is the job data transmission command, the job data
received following the command is stored in the RAM 22 or the disk 30 (step S612) to finish the process.
[0063] On the other hand, in the case where it is not the job data transmission command in the step S611, it is
determined whether or not the received command is a job submitting termination notice command from the analysis
results obtained in the step S601 (step S613). In the case where it is the job submitting termination notice command,
processing of the job data held in the RAM 22 or the disk 30 is started (step S614). On the other hand, in the case
where it is not the job submitting termination notice command, the received command is another command, and a
process depending on the other command is performed (step S615) to finish the process.

[0064] FIG. 17 is a diagram showing the data structure of the job held in the MFP(1) 1 as a result of the process in
FIGS. 15 and 16. This job is comprised of an attribute list 701 representing the function and attribute of the job and
job data 702 representing the data to be the processing target of the job. The job data 702 is not necessary depending
on the job type. The attribute list 701 is the list of a pair of an attribute name 711 and an attribute value 712 corresponding
thereto.

[0065] In the diagram, reference numeral 721 represents that the job is the printing job. Reference numeral 722
represents that the job starting mode is pending. Reference numeral 723 represents that the user management mode
is "Join Security Domain" and indicates that an access ticket 726 is used as the user information on the job. Reference
numeral 724 denotes the attribute for which the user ID is set in the case where the user management mode is "User
ID" or "User ID and Password." Reference numeral 725 denotes the attribute for which the password is set in the case
where the user management mode is "Password" or "User ID and Password." Reference numeral 726 denotes the
attribute for which the access ticket is set in the case where the user management mode is "Join Security Domain."
Moreover, as for the attributes 724, 725 and 726, only what is necessary may be set as the job data according to the
contents of the attribute 723.

[0066] FIGS. 18 and 19 are flowcharts showing the procedure of the job data held in the MFP(1) 1 shown in FIG.
17. This procedure is performed on the MFP(1) 1. First, the attribute information (current user management mode) 302
is obtained (step S801). It is determined whether or not the value of the attribute information 302 is "No User Management"
(step S802).

[0067] In the case of "No User Management" as a result of the determination, the processing of the attributes except
the attributes 723, 724, 725 and 726 is performed (step S803), and job data processing is performed based on these
attributes (step S810). The job processing results are logged (step S811) to finish the process. This log is stored in the
RAM 22 or the disk 30.

[0068] On the other hand, in the case where there is the user management as a result of the determination in the
step S802, it is determined whether or not the value of the attribute information 302 is "Password" (step S804). In the
case where it is "Password" as a result of the determination, a password value held in advance in the RAM 22 or the
disk 30 is compared to attribute information 725 (step S805), and in the case where they coincide, the job processing
is continued in the step S803. On the other hand, in the case where they do not coincide, the job processing is aborted.
[0069] On the other hand, in the case where it is not "Password" as a result of the determination in the step S804,
it is determined whether or not the value of the attribute information 302 is "User ID" (step S806). In the case where it
is "User ID" as a result of the determination, a user ID value held in advance in the RAM 22 or the disk 30 is compared
to attribute information 724 (step S807), and in the case where they coincide, the job processing is continued in the
step S803. On the other hand, in the case where they do not coincide, the job processing is aborted.
[0070] In the case where it is not "User ID" as a result of the determination in the step S806, it is determined whether
or not the value of the attribute information 302 is "User ID and Password" (step S808). In the case where it is "User
ID and Password" as a result of the determination, the user ID value and the password value held in advance in the
RAM 22 or the disk 30 are compared to attribute information 724 and 725 respectively (step S809), and in the case
where they coincide, the job processing is continued in the step S803. In the case where they do not coincide, the job
processing is aborted.

[0071] On the other hand, in the case where it is not "User ID and Password" as a result of the determination in the
step S808, the access ticket value 726 is decrypted by using the cryptograph key that is the attribute information 306
(step S812). And it is determined whether or not the access ticket is valid (step S813). In the case where the access
ticket value could not be decrypted or the value of the permitted number of prints held in the access ticket is 0, it is
determined that the access ticket is invalid in the step S813, and the job data is abandoned (step S814) to finish the
process.

[0072] On the other hand, in the case where it is determined that the access ticket is valid in the step S813, the
permitted number of prints information of the user falling under the user ID in the access ticket is obtained from the
directory server 6 by the Kerberos protocol and the LDAP protocol (step S815).

[0073] It is determined whether or not it can be printed with the permitted number of prints of one or more (step
S816), and in the case where it cannot be printed, the job data is abandoned (step S817) to finish the process. On the
other hand, in the case where it can be printed as a result of the determination in the step S816, the processing of the
attributes except the attributes 723, 724, 725 and 726 is performed (step S818), and job data processing is performed
based on these attributes (step S819). Moreover, this processing is monitored so that the permitted number of prints
obtained from the process in the step S815 is not exceeded, and in the case where the maximum number of prints is
exceeded, it causes the job data processing to abnormally end. Whether the job normally ends or abnormally ends,
the job processing results are logged (step S820) to finish the process. The user ID and the number of prints printed
by the job are logged, which is stored in the RAM 22 or the disk 30.
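The device-side checks of FIGS. 18 and 19 (steps S801 to S820) can be sketched as follows. This is an added example, not code from the patent: the page leaves the ticket format and cipher to the directory server type, so the JSON layout, the HMAC-SHA256 encrypt-then-MAC sealing, the expiry check on the job path, and all function and field names are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

# Assumption: ticket = nonce || ciphertext || tag, JSON fields, HMAC-SHA256
# keystream with encrypt-then-MAC. The page fixes none of these details.
def _subkey(device_key, label):
    return hmac.new(device_key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_ticket(device_key, fields):
    """Directory server side: encrypt ticket fields under the device key (306)."""
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(device_key, b"enc"), nonce, json.dumps(fields).encode())
    tag = hmac.new(_subkey(device_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_ticket(device_key, blob):
    """MFP side, step S812: return the fields, or None if decryption fails."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(device_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # sealed for another device, or modified in transit
    return json.loads(_xor_stream(_subkey(device_key, b"enc"), nonce, body))

def _same(a, b):
    # Constant-time comparison of a submitted credential with the stored one.
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def process_job(mode, job, device, directory_quota, now=None):
    """Steps S801-S820. Returns (outcome, user_id, pages_printed) for the log."""
    now = time.time() if now is None else now
    pages = job["pages"]
    if mode == "No User Management":                        # S802
        return ("printed", None, pages)
    if mode == "Password":                                  # S804-S805
        ok = _same(job.get("password", ""), device["password"])
        return ("printed", None, pages) if ok else ("aborted", None, 0)
    if mode == "User ID":                                   # S806-S807
        ok = _same(job.get("user_id", ""), device["user_id"])
        return ("printed", job.get("user_id"), pages) if ok else ("aborted", None, 0)
    if mode == "User ID and Password":                      # S808-S809
        ok = (_same(job.get("user_id", ""), device["user_id"])
              and _same(job.get("password", ""), device["password"]))
        return ("printed", job.get("user_id"), pages) if ok else ("aborted", None, 0)
    # "Join Security Domain": trust only what the decrypted ticket says.
    ticket = open_ticket(device["key"], job.get("access_ticket", b""))
    if ticket is None or ticket.get("permitted_prints", 0) == 0:   # S813
        return ("abandoned", None, 0)                               # S814
    if ticket.get("expires", 0) <= now:
        # Assumption: the page checks expiry at login (S916); applied here too.
        return ("abandoned", None, 0)
    user_id = ticket["user_id"]
    quota = directory_quota(user_id)                        # S815: current value
    if quota < 1:                                           # S816
        return ("abandoned", user_id, 0)                    # S817
    printed = min(pages, quota)                             # S819, monitored
    outcome = "printed" if pages <= quota else "abnormal_end"
    return (outcome, user_id, printed)                      # logged at S820
```

The user ID written to the log comes from the decrypted ticket, never from a plain job attribute, which is what ties the accounting to the directory server's identity.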
[0074] Moreover, while the job data is once constructed in the MFP(1) 1 in the process in FIGS. 15 and 16 and then
it is processed again in the process in FIGS. 18 and 19 in this embodiment, it is also feasible, as another embodiment,
to unite the process in FIGS. 15 and 16 with the process in FIGS. 18 and 19, thus simultaneously performing a job
analysis and the job processing.

[0075] In addition, while the permitted number of prints in the access ticket is determined in the step S813, and the
permitted number of prints of the user held in the directory server 6 is determined in the steps S815 and S816 in this
embodiment, it is also feasible, as another embodiment, to omit either the determination of the permitted number of
prints in the access ticket in the step S813 or the determination of the permitted number of prints of the user held in
the directory server 6 in the steps S815 and S816.

[0076] In addition, while the job results are held as logs in the MFP(1) 1 in the step S820 in this embodiment, it is
also feasible to update the permitted number of prints and the accumulated number of prints of the user held in the
directory server 6 by the number of prints printed by the job. The permitted number of prints is updated by obtaining
the permitted number of prints and the accumulated number of prints indicated by the user ID held in the directory
server 6 by the LDAP protocol, subtracting the number of prints printed by the job from the permitted number of prints,
and further adding the number of prints printed by the job to the accumulated number of prints, and then setting these
obtained values in the directory server 6 by the LDAP protocol.

[0077] FIGS. 20 and 21 are flowcharts showing the procedure of the login screen displayed on an LCD 23 of the
MFP(1) 1. This process is performed on the MFP(1) 1. First, the attribute information 302 (current user management
mode) is obtained (step S901). It is determined whether or not the value of the attribute information 302 is "No User
Management" (step S902).

[0078] In the case where it is "No User Management" as a result of the determination, the login information is stored
in the RAM 22 (step S903). The login information holds the user management mode, the user ID and the permitted
number of prints as of logging in. The permitted number of prints is sequentially updated by the number of prints used
in the jobs accompanying printing such as a print job and a copy job issued from the console within a login period, and
the job is finished when the value of the permitted number of prints becomes 0. In the step S903, the permitted number
of prints is set at infinity. The user ID in the login information is logged together with the number of prints used in the
job. After the process of the step S903, a print pending job is processed (step S924) to finish the process.
[0079] On the other hand, in the case where there is the user management as a result of the determination in the
step S902, it is determined whether or not the value of the attribute information 302 is "Password" (step S904). In the
case where there is the password as a result of the determination, the user interface screen prompting for the password
is displayed on the LCD 23 and the inputted password is compared to the password value held in advance in the RAM
22 or the disk 30 (step S905), and in the case where they coincide, the login processing is continued in the step S903.
In the case where they do not coincide, the processing is aborted as no login allowed.

[0080] On the other hand, in the case where there is no password as a result of the determination in the step S904,
it is determined whether or not the value of the attribute information 302 is "User ID" (step S906). In the case where it
is "User ID," the user interface screen prompting for the user ID is displayed on the LCD 23 and the inputted user ID
is compared to the user ID value held in advance in the RAM 22 or the disk 30 (step S907), and in the case where
they coincide, the login processing is continued in the step S903. In the case where they do not coincide, the processing
is aborted as no login allowed.

[0081] On the other hand, in the case where it is not the user ID as a result of the determination in the step S906, it
is determined whether or not the value of the attribute information 302 is "User ID and Password" (step S908). In the
case where it is "User ID and Password" as a result of the determination, the user interface screen prompting for the
user ID and the password is displayed on the LCD 23 and the inputted user ID and password are compared to the
user ID value and the password value held in advance in the RAM 22 or the disk 30 (step S909), and in the case where
they coincide, the login processing is continued in the step S903. In the case where they do not coincide, the processing
is aborted as no login allowed.

[0082] In the case where it is not "User ID and Password" as a result of the determination in the step S908, an attempt
is made to access the directory server shown in the attribute information 305 so as to determine whether or not it is
connectable (step S910).

[0083] In the case where it is accessible, the user interface screen prompting for the user ID and the password is
displayed on the LCD 23 (step S912), and the inputted user ID and password are used to obtain the access ticket from
the directory server 6 by the Kerberos protocol (step S914).

[0084] On the other hand, in the case where an error is sent in reply from the directory server 6 to the effect that the
user name or the password is invalid, such as a case of incorrect user name or password, the user interface screen
prompting for the user ID and the password is displayed again in the step S912.

[0085] And the access ticket obtained from the directory server is decrypted by using a cryptograph key 306 (step
S915). Validity of the access ticket is determined (step S916). This determination is made by checking whether the
ticket is within its expiration date and whether the permitted number of prints is one or more. In the case where the
access ticket is not valid as a result of the determination in the step S916, the user interface screen representing that
the devices may not be used with this user name is displayed on the LCD 23 (step S917) to finish the process.
[0086] On the other hand, in the case where the access ticket is valid as a result of the determination in the step
S916, the login information is stored and the user cache information is updated (step S925). Of the login information,
the number of prints held by the access ticket is set as the permitted number of prints.

[0087] FIG. 22 is a diagram showing the data structure of the user information cache. This user information cache
is held in the RAM 22 or the disk 30. The user information cache is updated by adding the user name and the password
used when obtaining the access ticket, the user ID and the permitted number of prints in the access ticket, and a login
time as the data. In the case where the same user name already exists in the user information cache, the existing
information is updated. And then, after the process of the step S925, a print pending job is processed (step S922) to
finish the process.

[0088] On the other hand, in the case where it is impossible to access the directory server 6 in the step S910, the
attribute information (Permission to Use in case of Inaccessible Directory Server) 307 is obtained to determine whether
or not it is available even if the server cannot be connected (step S911). In the case where permission to use is not
given, the user interface screen representing that a login is not permitted currently is displayed on the LCD 23 (step
S920) to finish the process.

[0089] On the other hand, in the case where permission to use is not given in the step S911, the user interface screen
prompting for the user name and the password is displayed on the LCD 23 (step S918), and it is determined whether
or not the inputted pair of the user name and the password exists in the user information cache held by the RAM 22
or the disk 30 (step S919). In the case where it does not exist in the user information cache as a result of this determination,
the user interface screen representing that the devices may not be used with this user name currently is
displayed on the LCD 23 (step S921) to finish the process.

[0090] On the other hand, in the case where the pair of the user name and the password exists in the user information
cache as a result of the determination in the step S919, the permitted number of prints is computed by the process
mentioned later, and this value and the user ID are stored as the login information (step S923). In addition, the value
of "Join Security Domain (Inaccessible Directory Server)" is set in the user management mode in the login information.
After the process of the step S923, a print pending job is processed (step S922) to finish the process.
[0091] The login information stored in this login process is used in order to limit and record operation in issuing jobs
in a login session. To be more specific, in the case where the printing is performed exceeding the permitted number
of prints in the login information, the job is aborted. In addition, the number of prints printed in the job is subtracted
from the permitted number of prints in the login information.

[0092] Furthermore, in the case where the user management mode in the login information is "Join Security Domain
(Inaccessible Directory Server)," the value is updated by subtracting the number of prints printed in the job from the
value of the maximum number of prints 312 or the permitted number of prints of the user information cache 1013 in
accordance with the contents of "Limit Types for Use in case of Inaccessible Directory Server" 308 that is the attribute
information held in the devices. The user ID in the login information is logged together with the number of prints printed
in the job issued in the login session. And the login information is abandoned when the user logs off.
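The cache-backed login used while the directory server is unreachable (steps S911 to S923) and the session accounting of paragraphs [0091] and [0092] can be sketched as below. This is an added example, not code from the patent. As assumptions it stores a salted PBKDF2 verifier where the page stores the password 1011 itself, implements only the limit type that debits the cached permitted number of prints 1013, and refuses an over-quota job up front; all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000

def _verifier(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class UserCache:
    """User information cache of FIG. 22, one record per user name (1010)."""

    def __init__(self):
        self.records = {}

    def update(self, user_name, password, user_id, permitted, login_time):
        """Step S925: add or overwrite the record after a successful online login."""
        salt = os.urandom(16)
        self.records[user_name] = {
            "salt": salt,
            "verifier": _verifier(password, salt),  # assumption: replaces password 1011
            "user_id": user_id,                     # 1012
            "permitted": permitted,                 # 1013
            "login_time": login_time,               # 1014
        }

    def lookup(self, user_name, password):
        """Step S919: return the record if the name and password pair is cached."""
        record = self.records.get(user_name)
        salt = record["salt"] if record else b"\x00" * 16
        candidate = _verifier(password, salt)  # same work for unknown user names
        if record and hmac.compare_digest(candidate, record["verifier"]):
            return record
        return None

class OfflineSession:
    """Login information in mode "Join Security Domain (Inaccessible Directory Server)"."""

    def __init__(self, record):
        self.record = record
        self.user_id = record["user_id"]
        self.log = []

    def print_job(self, pages):
        """Refuse a job that would exceed the quota; otherwise debit and log it."""
        if pages > self.record["permitted"]:
            return False                     # job aborted, [0091]
        self.record["permitted"] -= pages    # cached value 1013 updated, [0092]
        self.log.append((self.user_id, pages))
        return True

def offline_login(cache, offline_use_permitted, user_name, password):
    """Steps S911-S923. Returns an OfflineSession, or None when login is refused."""
    if not offline_use_permitted:            # attribute 307, S911 -> S920
        return None
    record = cache.lookup(user_name, password)
    if record is None:                       # S919 -> S921
        return None
    return OfflineSession(record)            # S923
```

Because the debit is written back to the cache record, logging off and on again during an outage does not restore the quota.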
[0093] Moreover, even in the case where it is possible to connect to the directory server in this embodiment, the
login information holds the permitted number of prints as of logging in in the step S925 and the permitted number of
prints is only updated by the job issued from the console within the login period. In the case where it is possible to
connect to the directory server, however, it is also feasible to obtain the permitted number of prints of the user held by
the directory server immediately before the job is issued and limit the permitted number of prints thereby. In this case,
the TGT is included in the login information held in the step S925 and the permitted number of prints of the user held
by the directory server 6 immediately before the job is issued is thereby obtained by the Kerberos protocol and the
LDAP protocol.

[0094] The data of the user information cache to be updated in the process of FIGS. 20 and 21 is held in the RAM
22 or the disk 30 as aforementioned. The data is represented as a set of one record in one line, and one record is
comprised of a user name 1010, a password 1011, a user 1012, a permitted number of prints 1013 and a login time 1014.
[0095] FIG. 23 is a flowchart showing the procedure of the print pending job in the steps S924 and S922. This process
is performed on the MFP(1) 1. First, a list of the jobs of which execution of printing is pending in the MFP(1) 1 is obtained
(step S1101).

[0096] The user ID in the login information held in FIGS. 20 and 21 is compared to the user ID including as the
attributes the jobs obtained in the step S1101 so as to create the list of the jobs in which both of them correspond (step
S1102). The user IDs of the jobs compared here are obtained and used by decrypting the access ticket in the case
where the access ticket 726 exists in the job, and if not, a user ID 724 included in the job is used.

[0097] As a result of the process in the step S1102, it is determined whether or not the list is blank (step S1103), and
the process is finished in the case where it is not blank as a result of the determination.

[0098] On the other hand, in the case where it is blank in the step S1103, the list of the jobs in which the user IDs
correspond is displayed as the user interface screen on the LCD 23 (step S1104). FIG. 24 is a diagram showing the
user interface screen displayed on an LCD 23 in the step S1104. In the diagram, 1202 indicates the list of the jobs
created in the step S1102. 1203 is the OK button for having the job executed, and 1204 is a cancel button for closing
the user interface screen without having the job executed.

[0099] And it is determined which of the OK button 1203 and the cancel button 1204 was pushed (step S1105), and
in the case where the cancel button was pushed, it is terminated by closing the user interface screen. On the other
hand, in the case where the OK button was pushed, the jobs in the list of the jobs created in the step S1102 are executed
(step S1106) to finish the process.

[0100] FIGS. 25 and 26 are flowcharts showing the procedure when the MFP(1) 1 receives an access command for
obtaining or setting individual attribute information from the PC(1) 2, the PC(2) 3 and the PC(3) 4. First, the received
command and its parameter are analyzed (step S1301).

[0101] It is determined whether or not the received command is an attribute acquirement command from the analysis
results (step S1302). In the case where it is the attribute acquirement command, it is determined whether or not the
attribute specified by the attribute acquirement command can be acquired (step S1303). In the case where it can be
acquired, the value of the attribute held in the MFP is obtained (step S1304), and the obtained attribute value is set as
the parameter of a send reply command, and the send reply command to the attribute acquirement command is sent
to driver software (step S1305) to finish the process.

[0102] On the other hand, in the case where the attribute cannot be acquired in the step S1303, a notice that the
attribute acquirement failed is sent to the driver software (step S1317) to finish the process.

[0103] On the other hand, in the case where it is not the attribute acquirement command in the step S1302, it is
determined whether or not the received command is an attribute value change command from the analysis results in
the step S1301 (step S1311). In the case where it is the attribute value change command, it is determined whether or
not the attribute specified by the attribute value change command can be changed (step S1312).
[0104] In the case where it can be changed, the specified attribute is changed to the specified attribute value according
to a specified command parameter (step S1313), and the notice that the attribute value was successfully
changed is sent to the driver software (step S1314) to finish the process. On the other hand, in the case where it cannot
be changed, the notice that the attribute value change failed is sent to the driver software (step S1315) to finish the
process. On the other hand, in the case where it is not the attribute value change command in the step S1311, the
received command is another command, and so the process depending on the other command is performed (step
S1316) to finish the process.

[0105] FIGS. 27 and 28 are flowcharts showing the procedure for issuing a management command such as device
management or job management from the PC(1) 2, the PC(2) 3 and the PC(3) 4 to the MFP(1) 1. This process is
performed on the PC(2) 3 and the PC(3) 4. First, the attribute information (current user management mode) 302 held
by the MFP(1) 1 is obtained (step S1401).

[0106] It is determined whether or not the value of the attribute information 302 is "No User Management" (step
S1402). In the case where it is "No User Management" as a result of the determination, the management command
shown in FIG. 29 is generated and sent to the MFP(1) 1 (step S1403). FIG. 29 is a diagram showing the data structure
of the management command. In the diagram, reference numeral 1501 represents the user management mode and
indicates which information of a user ID 1502, a password 1503 and an access ticket 1504 is valid. In addition, reference
numeral 1505 represents a command type. Moreover, reference numeral 1506 represents a length of a parameter
1507 required for the command.

[0107] The MFP(1) 1 processes the received management command according to the procedure shown in FIGS.
30 and 31, and transmits the results. The reply sent from the MFP(1) 1 is processed (step S1417). This process is
different depending on the process of the management command sent in the step S1403, and especially in the case
where the management command is "ListJobs" that is a command for obtaining the list of the jobs of which management
command is held in the MFP, the list of the jobs included in the reply is displayed as the user interface screen on the
CRT 33. This process is finished thereafter.

[0108] On the other hand, in the case where there is the user management as a result of the determination in the
step S1402, it is determined whether or not the value of the attribute information 302 is "Password" (step S1404). In
the case where it is "Password" as a result of the determination, the user interface screen prompting for the password
is displayed on the CRT 33 (step S1405). And the management command setting the inputted password is generated
and is sent to the MFP(1) 1 in the step S1403.

[0109] On the other hand, in the case where there is no password as a result of the determination in the step S1404,
it is determined whether or not the value of the attribute information 302 is "User ID" (step S1406). In the case where
it is "User ID" as a result of the determination, the user interface screen prompting for the user ID is displayed on the
CRT 33 (step S1407). And the management command setting the inputted user ID is generated and is sent to the
MFP(1) 1 in the step S1403.

[0110] On the other hand, in the case where it is not "User ID" as a result of the determination in the step S1406, it
is determined whether or not the value of the attribute information 302 is "User ID and Password" (step S1408). In the
case where it is "User ID and Password" as a result of the determination, the user interface screen prompting for the
user ID and the password is displayed on the CRT 33 (step S1409). And the management command setting the inputted
user ID and the password is generated and is sent to the MFP(1) 1 in the step S1403.

[0111] On the other hand, in the case where it is not "User ID and Password" as a result of the determination in the
step S1408, it is determined on the PC being used whether or not the user has already logged in to the security domain
managed by the directory server 6 (step S1410). This determination is made by inquiring of an operating system of
the PC being used.

[0112] In the case where the user has not logged in as a result of the determination, the user interface screen prompting
for the user ID and password is displayed on the CRT 33 (step S1411), and the information is sent to the directory
server 6 by using the Kerberos protocol so as to obtain the TGT (Ticket Generation Ticket) information (step S1413).
[0113] On the other hand, in the case where the user has already logged in as a result of the determination in the
step S1410, the TGT used in the current session is requested of the operating system and is obtained since the user
has already logged in (step S1412).

[0114] The TGT obtained in the step S1412 or S1413 and the identifier (parameter) identifying the MFP(1) 1 of the
job issue destination are sent to the directory server 6 by the Kerberos protocol to obtain the access ticket for the
MFP(1) 1 (step S1414). The access ticket obtained here has the information on the user name, the user ID, the user's
permitted number of prints and its expiration date encrypted by cryptograph key 306 of the MFP(1) 1. The data format
in the access ticket and the encryption (algorithm) to be used are uniquely determined in advance according to the
currently corresponding directory server type 304.
[0115] The management command setting the access ticket obtained in the step S1414 is generated and is sent to
the MFP(1) 1 (step S1415). The same reply process as in the step S1417 is performed thereafter (step S1416). The
process is finished thereafter.

[0116] FIGS. 30 and 31 are flowcharts showing the procedure for MFP(1) to process the management command
generated by the process in FIGS. 27 and 28 and then sent to the MFP(1) 1. This process is performed on the MFP(1) 1.

[0117] First, the attribute information (current user management mode) 302 is obtained (step S1601). It is determined
whether or not the value of the attribute information 302 is "No User Management" (step S1602). In the case of "No
User Management" as a result of the determination, the value 0 is set on the user ID 1502 in the management command
(step S1603), and processing is performed according to the command types from the step S1613 onward.
[0118] On the other hand, in the case where there is the user management as a result of the determination in the
step S1602, it is determined whether or not the value of the attribute information 302 is "Password" (step S1604). In
the case where it is "Password" as a result of the determination, the password value held in advance in the RAM 22
or the disk 30 is compared to the password 1503, and in the case where they coincide, the value 0 is set on the user
ID 1502 in the management command (step S1605). Hereafter, processing is performed according to the command
types from the step S1613 onward. In the case where they do not coincide, the error is returned and the management
command processing is aborted.

[0119] On the other hand, in the case where it is not "Password" as a result of the determination in the step S1604,
it is determined whether or not the value of the attribute information 302 is "User ID" (step S1606). In the case where
it is "User ID" as a result of the determination, the user ID value held in advance in the RAM 22 or the disk 30 is
compared to the user ID 1502 (step S1607). In the case where they coincide, processing is performed according to
the command types from the step S1613 onward. In the case where they do not coincide, the error is returned and the
management command processing is aborted.

[01 20] in the case where it is not "User ID" as a result of the detennlnation in the step SI 606, it is determined whether 
or not the value of the attribute Information 302 is "User ID and Password" (step S1608). In the case where it is "User 
ID and Password" as a result of the determination, the user ID value and the password value held in advance In the 

50 RAM 22 or the disk 30 are compared to the user ID 1502 and the password 1503 respectively (step S1607), and in 
the case where they coincide, processing is performed according to the command types from the step SI 61 3 onward, 
in the case where they do not coincide, the error is returned and the management command processing is aborted. 
[0121] On the other hand. In the case where it is not "User ID and Password" in the step SI 608, the value of the 
access ticket 1504 Is decrypted by using the cryptograph key 306 (step SI 610). The validity and the expiration date 

55 of the access ticket are detennined as a result of the decryption (step SI 61 1 ), and in the case where the access ticket 
is valid as a result of the determination, the user ID in the access ticket is set as the user ID 1502 in the management 
command, and processing is perfonned according to the command types from the step SI 61 3 onward. On the other 
hand, in the case where the access ticket is Invalid as a result of the detemiination in the step SI 611, the error is 
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returned (step S1612), and the management command processing is finished. 

[0122] In the process from the step S1613 onward, it is determined whether or not the command type 1505 is "ListJobs" (to obtain the list of the jobs) (step S1613). In the case where the command type 1505 is "ListJobs" as a result of the determination, the list of the jobs held in the MFP(1) 1 is obtained (step S1614). At this time, if "Current User Management Mode" 302 is "Join Security Domain," the access ticket 726 of each job is decrypted with the cryptograph key 306 and the obtained user ID is set as the user ID 724 of the job.

[0123] And the user ID 724 of the job obtained in the step S1614 is compared to the user ID 1502 included in the management command, so that the job name of the job wherein they do not correspond is converted into a blank (step S1615). On the other hand, the job name of the job wherein they correspond is not converted into a blank. The job list obtained in the step S1615 is returned (step S1616) and the process is finished.

[0124] On the other hand, it is determined whether or not the command type 1505 is "CancelJob" (to cancel a specified job) as a result of the determination in the step S1613 (step S1617). In the case where the command type 1505 is not "CancelJob" as a result of the determination, the device management command is processed (step S1619) to finish the process. In the processing of the device management command in the step S1619, a plurality of device management commands may be processed by dividing them into cases by using the command type 1505.

[0125] As a result of the determination in the step S1617, the information on the specified job is obtained (step S1618). In the case where "Current User Management Mode" 302 is "Join Security Domain" at this time, the access ticket 726 of the job is decrypted with the cryptograph key 306 and the obtained user ID is set as the user ID 724 of the job.

[0126] And the user ID 724 of the job is compared to the user ID 1502 included in the management command (step S1620), and in the case where they do not correspond, it is replied that the execution of the management command failed (step S1623) to finish the process. On the other hand, in the case where they correspond in the step S1620, the specified job is cancelled (step S1621), and it is replied that the execution of the management command was successful (step S1622) to finish the process.

[0127] Moreover, it is possible, by changing the process in the step S1621, to have the job management other than a job cancel to which a job access control function is added (a temporary halt, a restart, an interruption, higher priority and lower priority of the job, for instance) performed.
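The "Join Security Domain" branch of FIGS. 30 and 31 (steps S1610 to S1623), written out as an added Python example that is not part of the patent text. The page names no cipher, so the ticket sealing used here (a SHA-256 keystream with an HMAC tag), the key value, the field names and the sample users and jobs are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in for the MFP's "cryptograph key 306". The page names no
# cipher; this sketch uses a SHA-256 keystream plus HMAC (standard library
# only). A real device would use a vetted AEAD such as AES-GCM.
KEY_306 = hashlib.sha256(b"constructed demo key 306").digest()
NOW = 1_700_000_000  # constructed clock value, seconds


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal_ticket(fields, key=KEY_306):
    """Directory-server side: encrypt the ticket fields, then MAC them."""
    plain = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    body = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt_ticket(blob, key=KEY_306):
    """MFP side: return the ticket fields, or None if the blob is not authentic."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return json.loads(bytes(c ^ s for c, s in zip(body, stream)))


def job_owner(job):
    """User ID 724: read from the job's own access ticket 726, not from the job."""
    fields = decrypt_ticket(job["ticket"])
    return None if fields is None else fields["user_id"]


def handle_command(cmd, jobs, now):
    """Steps S1610 onward for access ticket 1504 and command type 1505."""
    caller = decrypt_ticket(cmd["ticket"])                      # S1610
    if caller is None or caller["expires"] <= now:              # S1611
        return {"status": "error"}                              # S1612
    user_id = caller["user_id"]                                 # becomes user ID 1502
    if cmd["type"] == "ListJobs":                               # S1613 to S1616
        return {"status": "ok",
                "jobs": [{"id": j["id"],
                          "name": j["name"] if job_owner(j) == user_id else ""}
                         for j in jobs]}
    if cmd["type"] == "CancelJob":                              # S1617 to S1623
        job = next((j for j in jobs if j["id"] == cmd["job_id"]), None)
        if job is None or job_owner(job) != user_id:
            return {"status": "failed"}
        jobs.remove(job)
        return {"status": "ok"}
    return {"status": "device-command"}                         # S1619, not modelled


def _ticket(user_id, expires):
    return seal_ticket({"user_id": user_id, "permitted_prints": 50, "expires": expires})


def demo():
    """Constructed sample: user 1001 acts on her own job and on user 1002's job."""
    alice, bob = _ticket(1001, NOW + 3600), _ticket(1002, NOW + 3600)
    stale = _ticket(1001, NOW - 1)
    forged = alice[:-1] + bytes([alice[-1] ^ 1])                # one flipped tag bit
    jobs = [{"id": 1, "name": "payroll.pdf", "ticket": bob},
            {"id": 2, "name": "slides.ppt", "ticket": alice}]

    def run(ticket, kind, job_id=None):
        return handle_command({"ticket": ticket, "type": kind, "job_id": job_id}, jobs, NOW)

    return {"list": run(alice, "ListJobs"),
            "cancel_other": run(alice, "CancelJob", 1),
            "cancel_own": run(alice, "CancelJob", 2),
            "expired": run(stale, "ListJobs"),
            "forged": run(forged, "ListJobs"),
            "remaining": [j["id"] for j in jobs]}
```

The owner of a job is always recovered from the sealed ticket stored with the job, so a job whose ticket fails authentication has no owner and can be neither named nor cancelled by any caller.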

[0128] FIG. 32 is a flowchart showing the procedure for totaling the logs of the MFP(1) 1 and the MFP(2) 5 and updating the permitted number of prints and the number of accumulated prints for each user of the directory server 6. This process is performed on the directory server 6. First, the logs are obtained from the subject MFPs (step S1901).

[0129] The number of prints printed for each user ID is totaled from the log information (step S1902). The permitted number of prints and the accumulated number of prints of each user are obtained from the directory server 6 by the LDAP protocol, and the obtained number of prints is subtracted from the permitted number of prints, and is further added to the accumulated number of prints, and then the obtained results are set in the directory server 6 by the LDAP protocol (step S1903). Thus, the permitted number of prints and the accumulated number of prints for each user in the directory server 6 are updated.

[0130] Thus, the process in FIG. 32 is performed to the MFP(1) 1 and the MFP(2) 5 so that the permitted number of prints and the accumulated number of prints for the two MFPs are centrally managed by the directory server 6.

[0131] Moreover, as another embodiment, in the case where the data of the directory server 6 is updated by connecting to the directory server 6 each time the job is finished without logging the number of prints used in the job, it is not necessary to perform the process in FIG. 32.

[0132] FIGS. 33 and 34 are flowcharts showing a computing procedure for computing the permitted number of prints when it is impossible to connect to the directory server in the step S923 in FIGS. 20 and 21. This process is performed on the MFP(1) 1. First, Current Limit Type for Use in case of Inaccessible Directory Server 309 is obtained (step S2001).

[0133] It is determined whether or not the limit type 309 is "No Limit" (step S2002). In the case where it is no limit as a result of the determination, the permitted number of prints is set as infinity (step S2003) to finish the process. On the other hand, in the case where it is not no limit as a result of the determination in the step S2002, it is determined which of "Time," "Time and Fixed Max No. of Prints," or "Time and Max No. of Prints" the limit type 309 is (step S2004). In the case it falls under one of them as a result of the determination, the user's final login time 1014 in the user information cache is obtained (step S2005), and it is determined whether the time difference between this time and the current time is the value specified by the time limit length 310 or less (step S2006).

[0134] In the case where it is the specified value or less, the permitted number of prints is set at 0 (step S2007) to finish the process. On the other hand, in the case where it is not any of "Time," "Time and Fixed Max No. of Prints," or "Time and Max No. of Prints" or in the case where it is within the time limit in the step S2006 as a result of the determination in the step S2004, it is determined which of "Fixed Max No. of Prints," or "Time and Fixed Max No. of Prints" the limit type 309 is (step S2008).

[0135] In the case where it is either "Fixed Max No. of Prints," or "Time and Fixed Max No. of Prints," the value of the maximum number of prints 312 is set as the permitted number of prints (step S2010) to finish the process. On the other hand, in the case where it is neither "Fixed Max No. of Prints," nor "Time and Fixed Max No. of Prints," as a result of the determination in the step S2008, it is determined which of "Max No. of Prints," or "Time and Max No. of Prints" the limit type 309 is (step S2009). In the case where it is either "Max No. of Prints," or "Time and Max No. of Prints," the number of prints is calculated by the following equation (1) so as to set it as the permitted number of prints (step S2011) to finish the process.

Permitted No. of Prints = Permitted No. of Prints in User Information Cache 1013 - Reduction Rate of Max No. of Prints per Day x Time (Days) from Final Login    (1)

[0136] Here, the Time (Days) from Final Login is calculated by subtracting the current time from the user information cache login time 1014, dividing that time by the value 24 and dropping the fractional portion.

[0137] On the other hand, in the case where it is neither "Max No. of Prints," nor "Time and Max No. of Prints," as a result of the determination in the step S2009, Max No. of Prints for each Login 313 is set as the permitted number of prints (step S2012) to finish the process.
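The fallback computation of FIGS. 33 and 34, including equation (1), as an added Python example that is not the patent's own code. It assumes times are held in hours, that the check of step S2006 denies printing once the time since the final login exceeds the time limit length 310 (the reading under which the "within the time limit" branch continues to step S2008), and it adds two guards the page does not describe: a clock reading earlier than the cached login yields 0, and equation (1) is clamped at 0. The dictionary keys and sample values are constructed.

```python
import math

TIME_TYPES = {"Time", "Time and Fixed Max No. of Prints", "Time and Max No. of Prints"}
FIXED_TYPES = {"Fixed Max No. of Prints", "Time and Fixed Max No. of Prints"}
DECAY_TYPES = {"Max No. of Prints", "Time and Max No. of Prints"}
CLOCK_TYPES = TIME_TYPES | DECAY_TYPES   # limit types whose result depends on the clock


def offline_permitted_prints(cfg, cache, now_hours):
    """Permitted number of prints while the directory server is unreachable."""
    limit = cfg["limit_type"]                                    # attribute 309
    if limit == "No Limit":                                      # S2002
        return math.inf                                          # S2003
    elapsed = now_hours - cache["last_login_hours"]              # S2005, time 1014
    if limit in CLOCK_TYPES and elapsed < 0:
        # Added guard (assumption): a device clock set back before the cached
        # login would otherwise pass the time check and inflate equation (1).
        return 0
    if limit in TIME_TYPES and elapsed > cfg["time_limit_hours"]:  # S2006, length 310
        return 0                                                 # S2007
    if limit in FIXED_TYPES:                                     # S2008
        return cfg["fixed_max"]                                  # S2010, value 312
    if limit in DECAY_TYPES:                                     # S2009
        days = int(elapsed // 24)                                # fractional part dropped
        remaining = cache["permitted"] - cfg["reduction_per_day"] * days   # equation (1)
        return max(0, remaining)                                 # S2011, clamp is added
    return cfg["per_login_max"]                                  # S2012, value 313


# Constructed sample configuration and user information cache entry.
SAMPLE_CFG = {"time_limit_hours": 48, "fixed_max": 20, "per_login_max": 5,
              "reduction_per_day": 10}
SAMPLE_CACHE = {"permitted": 35, "last_login_hours": 1000}


def sample(limit_type, now_hours):
    """Evaluate one limit type against the constructed sample values."""
    cfg = dict(SAMPLE_CFG, limit_type=limit_type)
    return offline_permitted_prints(cfg, SAMPLE_CACHE, now_hours)
```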

[0138] Moreover, while "Supported User Management Modes," "Adaptive Directory Server Types," and "Limit Types for Use in case of Inaccessible Directory Server" are obtained by the PC(1) 2, the PC(2) 3 and the PC(3) 4 directly from the MFP(1) 1 according to the procedures shown in the flowcharts in FIGS. 6, 8 and 10 respectively in this embodiment, it is also feasible, as another embodiment, to obtain "Supported User Management Modes," "Adaptive Directory Server Types," and "Limit Types for Use in case of Inaccessible Directory Server" from the MFP(1) 1 and hold them as the device information in the directory server 6 once so that the PC(1) 2, the PC(2) 3 and the PC(3) 4 will obtain them from the directory server 6.

(Second Embodiment)

[0139] While the access ticket is included in the management command in FIG. 29 in the above described first embodiment, a data size of the access ticket is generally larger than other data sizes of the management commands, which may result in a problem in performance and so on. A peripheral equipment control system to solve this problem will be described as the second embodiment below.

[0140] FIG. 35 is a diagram showing the data structure of the management command generated by a management command generation process mentioned later and sent to the MFP(1). In the diagram, reference numeral 2301 denotes the user management mode and indicates which information of a user ID 2302, a password 2303 and a session key 2304 is valid.

[0141] The session key 2304 is issued by the MFP(1) 1 and is associated with the access ticket one to one by an access ticket cache in the MFP(1) 1. In the diagram, reference numeral 2305 denotes the command type. Reference numeral 2306 denotes the length of a parameter 2307 required for the command.

[0142] FIG. 36 is a diagram showing the data structure of the access ticket cache held in the RAM 22 by the process of the access ticket setting command mentioned later. The access ticket cache is comprised of a plurality of records, wherein one record is a pair of a session key 2401 and an access ticket 2402. The access ticket held here is one after decryption by using the cryptograph key 306.

[0143] FIGS. 37 and 38 are flowcharts showing the procedure for MFP(1) to process the management command generated by a management command generation process mentioned later and sent to the MFP(1). This procedure is performed on the MFP(1) 1. As the step processing up to the step S1608 in FIGS. 30 and 31 are the same in this procedure, that step processing is omitted, and the case where the determination process in the step S1608 is NO (false), that is, the case where the user management mode is "Join Security Domain" will be described first.

[0144] First, it is determined whether or not the session key 2304 has the value 0 (step S2501). In the case where the session key 2304 has the value 0 as a result of the determination in the step S2501, it is determined whether or not the management command type 2305 is the "access ticket setting command" (step S2502). In the case where it is not the "access ticket setting command," the error is returned (step S2507) to finish the process.

[0145] On the other hand, in the case where it is the "access ticket setting command" as a result of the determination in the step S2502, the value of the access ticket included in the management command parameter 2307 is decrypted by using the cryptograph key 306 (step S2519). As a result of the decryption, the validity and the expiration date of the access ticket are determined (step S2520).

[0146] In the case where the access ticket is not valid, the error is returned (step S2521) to finish the processing of the management command. On the other hand, in the case where the access ticket is valid as a result of the determination in the step S2520, the session key corresponding to the access ticket one to one is generated, and the contents of the decrypted access ticket are stored in the access ticket cache together with the session key (step S2503). The generated session key is returned (step S2504) to finish the process.

[0147] On the other hand, in the case where the session key has any value other than 0 in the step S2501, the session key is searched for in the access ticket cache (step S2505), and it is determined whether or not the session key exists (step S2506). As a result of the determination, the error is returned (step S2507) to finish the process.

[0148] On the other hand, in the case where the session key exists as a result of the determination in the step S2506, the access ticket corresponding to the session key is obtained from the access ticket cache, and the user ID in the access ticket is set as the user ID 2302 in the management command (step S2522) and processing is performed according to the command type from the step S2508 onward.

[0149] In the process from the step S2508 onward, it is determined whether or not the command type 2305 is "ListJobs" (to obtain the list of the jobs) (step S2508). In the case where the command type 2305 is "ListJobs" as a result of the determination, the list of the jobs held in the MFP(1) 1 is obtained (step S2509). At this time, if "Current User Management Mode" 302 is "Join Security Domain," the access ticket 726 of each job is decrypted with the cryptograph key 306 and the obtained user ID is set as the user ID 724 of the job.

[0150] The user ID 724 of the job obtained in the step S2509 is compared to the user ID 2302 included in the management command, so that the job name of the job wherein they do not correspond is converted into a blank (step S2510). The obtained job list is returned (step S2611) to finish the process.

[0151] On the other hand, it is determined whether or not the command type 1505 is "CancelJob" (to cancel a specified job) as a result of the determination in the step S2508 (step S2512). In the case where the command type 2305 is not "CancelJob," the device management command is processed (step S2517) to finish the process. In the processing of the device management command in the step S2517, a plurality of device management commands may be processed by dividing them into cases by using the command type 2305.

[0152] On the other hand, in the case where the command type 1505 is "CancelJob" as a result of the determination in the step S2512, the information of the specified job is obtained (step S2513). At this time, if "Current User Management Mode" 302 is "Join Security Domain," the access ticket 726 of the job is decrypted with the cryptograph key 306 and the obtained user ID is set as the user ID 724 of the job.

[0153] And the user ID 724 of the job is compared to the user ID 2302 included in the management command (step S2514), and in the case where they do not correspond, it is replied that the execution of the management command failed (step S2518) to finish the process.

[0154] On the other hand, in the case where they correspond in the step S2514, the specified job is cancelled (step S2515), and it is replied that the execution of the management command was successful (step S2516) to finish the process.

[0155] Moreover, it is also possible, by applying the management command procedure shown in FIGS. 37 and 38 when processing the job, to have the session key included in the job instead of having the access ticket included in the job as shown in FIGS. 17, 18 and 19.

[0156] FIG. 39 is a flowchart showing the procedure for issuing the management command such as the device management or the job management from the PC(1) 2, the PC(2) 3 and the PC(3) 4 to the MFP(1) 1 performing the process in FIGS. 37 and 38. This procedure is performed on the PC(1) 2, the PC(2) 3 and the PC(3) 4. As this procedure is the same up to the steps S1412 and S1413 in FIGS. 27 and 28, the procedure after the TGT is obtained by the steps S1412 or S1413 is described here.

[0157] To be more specific, the TGT obtained in the step S1412 or S1413 and the identifier (parameter) identifying the MFP(1) 1 of the job issue destination are sent to the directory server 6 by the Kerberos protocol to obtain the access ticket for the MFP(1) 1 (step S2601). The access ticket obtained here has the information on the user name, the user ID, the user's permitted number of prints and its expiration date that are encrypted by the cryptograph key 306 of the MFP(1) 1. The data format in the access ticket and encryption (algorithm) to be used are uniquely determined in advance according to the currently corresponding directory server type 304.

[0158] The access ticket setting command wherein the access ticket obtained in the step S2601 is set as the command parameter 2307 is generated and sent to the MFP(1) 1 (step S2602). As for the management command sent here, the session key 2304 has the value 0 and the command type 2305 is the "access ticket setting command."

[0159] It is determined whether or not the reply from the MFP(1) 1 is the error (step S2603), and the process is terminated in the case of the error. On the other hand, in the case where it is not the error as a result of the determination in the step S2603, the session key obtained in the step S2602 is set as the management command session key 2304, and appropriate values are set on the management command type 2305, the command parameter length 2306 and the command parameter 2307 of the management command data and they are sent to the MFP(1) 1 (step S2604). The reply from the MFP(1) 1 is processed (step S2605) to finish the process.

[0160] Moreover, when the same user issues the job management command or the device management command to the same MFP, the required access ticket has already been held by the MFP and the session key thereto has been obtained, so that the steps from the step S2601 to the step S2603 may be omitted. Thus, the job management and the device management of the MFP can be implemented with good performance.
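The session-key exchange of FIGS. 37 to 39, with both the MFP side and the PC side, as an added Python example that is not the patent's own code. It assumes the ticket arrives already decrypted (the output of step S2519) and that `fetch_ticket` stands in for the Kerberos exchange of step S2601; the random 64-bit session key, the expiry re-check on every lookup and the client's single retry are additions the page does not describe, and all sample values are constructed.

```python
import secrets

SET_TICKET = "access ticket setting command"


class Mfp:
    """MFP side of FIGS. 37 and 38, "Join Security Domain" branch only."""

    def __init__(self):
        self.cache = {}  # FIG. 36: session key 2401 -> decrypted ticket 2402

    def handle(self, cmd, now):
        key = cmd["session_key"]                          # field 2304
        if key == 0:                                      # S2501
            if cmd["type"] != SET_TICKET:                 # S2502
                return {"status": "error"}                # S2507
            ticket = cmd["param"]     # assumed: already decrypted (S2519)
            if not ticket or ticket["expires"] <= now:    # S2520
                return {"status": "error"}                # S2521
            new_key = 0
            while new_key == 0 or new_key in self.cache:  # 0 is reserved
                new_key = secrets.randbits(64)            # unguessable handle
            self.cache[new_key] = dict(ticket)            # S2503
            return {"status": "ok", "session_key": new_key}   # S2504
        ticket = self.cache.get(key)                      # S2505, S2506
        if ticket is None:
            return {"status": "error"}                    # S2507
        if ticket["expires"] <= now:  # added check: the page does not describe it
            del self.cache[key]
            return {"status": "error"}
        # S2522: the caller's identity comes from the cached ticket, never from
        # the command itself; job and device commands are dispatched from here.
        return {"status": "ok", "user_id": ticket["user_id"], "type": cmd["type"]}


class Client:
    """PC side of FIG. 39. fetch_ticket stands in for step S2601 (Kerberos)."""

    def __init__(self, mfp, fetch_ticket):
        self.mfp, self.fetch_ticket = mfp, fetch_ticket
        self.session_key = 0
        self.tickets_sent = 0

    def _establish(self, now):
        cmd = {"session_key": 0, "type": SET_TICKET, "param": self.fetch_ticket(now)}
        reply = self.mfp.handle(cmd, now)                 # S2602
        self.tickets_sent += 1
        self.session_key = reply.get("session_key", 0)    # S2603
        return self.session_key != 0

    def send(self, cmd_type, now):
        if self.session_key == 0 and not self._establish(now):
            return {"status": "error"}
        cmd = {"session_key": self.session_key, "type": cmd_type, "param": None}
        reply = self.mfp.handle(cmd, now)                 # S2604
        if reply["status"] == "error" and self._establish(now):  # added: one retry
            cmd["session_key"] = self.session_key
            reply = self.mfp.handle(cmd, now)
        return reply


def demo():
    """Constructed run: three commands on one ticket, a guessed key, an expiry."""
    t0 = 1_700_000_000  # constructed clock value, seconds
    mfp = Mfp()
    client = Client(mfp, lambda now: {"user_id": 1001, "expires": now + 600})
    kinds = ["ListJobs", "CancelJob", "ListJobs"]
    replies = [client.send(kind, t0 + i) for i, kind in enumerate(kinds)]
    sent_while_fresh = client.tickets_sent
    guess = {"session_key": client.session_key ^ 1, "type": "ListJobs", "param": None}
    guessed = mfp.handle(guess, t0)
    late = client.send("ListJobs", t0 + 700)  # cached ticket has expired by now
    return {"users": [r["user_id"] for r in replies],
            "sent_while_fresh": sent_while_fresh,
            "guessed": guessed["status"],
            "late": late["status"],
            "sent_total": client.tickets_sent}
```

Because the session key alone now authorizes every later command, its strength and lifetime carry the security that the encrypted ticket carried in the first embodiment.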
(Third Embodiment)

[0161] In the above described first embodiment, the case where the print pending job issued from a client PC is printed by using an operation panel (the LCD 23 and the keyboard 24) of the MFP(1) 1 (the step S922 in FIG. 20 and the steps S1101 to S1106 in FIG. 23) was described.

[0162] In the third embodiment, an example wherein the copy job is issued according to an operating instruction from the operation panel (the LCD 23 and the keyboard 24) of the MFP(1) 1 and the copy job is executed in the MFP(1) 1 will be described.

[0163] To be more specific, it is the example wherein the job is issued from the MFP(1) 1 instead of the client PC.

[0164] FIGS. 40 and 41 are flowcharts showing the operation of the MFP(1) at that time.

[0165] First, the "Current User Management Mode" attribute 302 that is the attribute information held by the MFP(1) 1 is obtained (step S4001). It is determined whether or not the value of the attribute information 302 is "No User Management" (step S4002), and then the scanner engine 27, the printer engine 28 and so on are controlled to execute the copy job (step S4003).

[0166] If it is determined whether or not the value of the attribute information 302 is "Password" in the step S4004, the copy job is executed (step S4003) according to the input of the normal password (step S4005) from the operation panel (the LCD 23 and the keyboard 24).

[0167] If it is determined that the value of the attribute information 302 is "User ID" in the step S4006, the copy job is executed (step S4003) according to the input of the normal user ID (step S4007) from the operation panel (the LCD 23 and the keyboard 24).

[0168] If it is determined that the value of the attribute information 302 is "User ID and Password" in the step S4008, the copy job is executed (step S4003) according to the input of the normal user ID and password (step S4009) from the operation panel (the LCD 23 and the keyboard 24).

[0169] On the other hand, in the case where it is not "User ID and Password" as a result of the determination in the step S4008, it moves on to the step S4010 determining that it is managed by the directory server 6.

[0170] In the MFP(1) 1, it is determined whether or not the user has already logged in to the security domain managed by the directory server 8 (step S4010).

[0171] In the case where the user has not logged in as a result of the determination, the user interface screen prompting for the user ID and the password is displayed on the LCD 23, and the input from the operation panel (the LCD 23 and the keyboard 24) is received (step S4011).

[0172] And the user ID and the password inputted from the operation panel (the LCD 23 and the keyboard 24) are sent to the directory server 6 by using the Kerberos protocol so as to obtain TGT (Ticket Generation Ticket) information (step S4013).

[0173] On the other hand, in the case where the user has already logged in as a result of the determination in the step S4010, the TGT used in a current session is requested and obtained (step S4012). Here, in the case where the user has already logged in, the user name and so on are held in the MFP(1) 1.

[0174] The TGT obtained in the step S4012 or S4013 is used to obtain the permitted number of prints information of the user falling under the user name held by the MFP(1) 1 or the user name inputted in the step S4011 from the directory server 6 by the Kerberos protocol and the LDAP protocol (step S4014).

[0175] It is determined thereafter whether or not the permitted number of prints is one or more (step S4015), and in the case where it cannot be printed since it is less than one as a result of the determination, the user interface screen representing that the job cannot be issued is displayed on the LCD 23 (step S4016) to finish the process.

[0176] On the other hand, in the case where printing is possible with the permitted number of prints of one or more as a result of the determination in the step S4015, the TGT obtained in the step S4012 or S4013 and the parameter of the identifier identifying the MFP(1) 1 are sent to the directory server 6 by the Kerberos protocol to obtain the access ticket for the MFP(1) 1 (step S4017).

[0177] The access ticket obtained here has the information on the user name, the user ID, the user's permitted number of prints and its expiration date that is encrypted by cryptograph key attribute information 306 of the MFP(1) 1. A data format in the access ticket and encryption (algorithm) to be used are uniquely determined in advance according to the currently corresponding directory server type (attribute information 304).

[0178] And the access ticket obtained in the step S4017 and the other information required for the job are set on the job, and then the copy job is executed (step S4018).

[0179] In the step S4019, log information on the directory server 6 as to the user who executed the copy job is updated based on the results of the copy job executed in the step S4018.

[0180] To be more specific, the permitted number of prints and the number of accumulated prints corresponding to the user who executed the copy job is obtained from the directory server 6 by the LDAP protocol, and the number of copies used in the step S4018 is subtracted from the permitted number of prints and is further added to the number of accumulated prints so as to set these obtained results on the directory server 6 by the LDAP protocol.






EP1 193 593 A2 



[0181] Thus, the permitted number of prints and the number of accumulated prints managed by the directory server 6 for each user are updated.

[0182] FIG. 42 is an example of the data structure of the information on the user logging into each client PC registered with and managed by the directory server 6.

[0183] According to this diagram, the user ID is registered first as the information on each user such as a user A and a user B, and then the number of accumulated prints and the permitted number of prints are registered for each user.

[0184] If the user inputs the user ID and so on from the operation panel of the MFP(1) 1 and logs in to the directory server 6 to execute the copy job, the directory server 6 updates the number of accumulated prints and the permitted number of prints that are registered corresponding to the user ID based on the log information of the copy job from the MFP(1) 1.

[0185] As mentioned above, according to the third embodiment, it is possible to have the PC user use the copier by inputting from the operation panel of the copier authentication information inputted on logging in from the PC to the network, so that the use of the copier by each user can be centrally managed by the directory server.

[0186] As set forth above, according to the above embodiment, unified job management can be performed as to the access in the network environment. In addition, unified job management can be performed as to the access in the network environment. Moreover, only the user who issued the job can cancel the job.

[0187] In addition, only the user who issued the job can know the entire information on the job, and the other users can only know partial information on the job. Moreover, it is possible to perform unified job information on the access with good performance in the network environment. Furthermore, only the user who issued the job can cancel the job with good performance. Moreover, only the user who issued the job can know the entire information with good performance, and the other users can only know the partial information on the job.

[0188] In addition, it is possible to perform unified device management as to the access in the network environment. Moreover, it is possible to perform unified device management as to the access in the network environment with good performance. It is also possible to issue the job management command to the MFPs. Furthermore, it is possible to issue a job cancel command to the MFPs. It is also possible to display the jobs to the MFPs. Furthermore, it is possible to issue the device management command to the MFPs.

[0189] According to this embodiment, it is possible to obtain the list of the directory server types which the MFPs can support from the outside via the network and so on. In addition, it is possible to obtain and set the directory server types which the MFPs are currently supporting from the outside via the network and so on. Furthermore, it is possible to obtain the list of the directory server types which can be supported and display it on the user interface. It is also possible to obtain the directory server which can be supported and display it on the user interface and also change the settings.

[0190] According to this embodiment, it is possible to use the unified user information on a plurality of MFPs. In addition, it is possible to centrally manage the number of accumulated prints and the maximum number of prints in the environment using a plurality of MFPs. Moreover, it is possible to limit printing for each user by the maximum number of prints in the environment using a plurality of MFPs.

[0191] In addition, it is possible to set an operation mode to be taken in the case of a failure of connecting to the directory server from the outside via the network and so on. Furthermore, the MFPs can be used in the case of a failure of connecting to the directory server. Moreover, the MFPs can be used within a fixed time of the final normal login in the case of a failure of connecting to the directory server. In addition, the MFPs can be used to the extent not exceeding the maximum number of prints stored in the device within the fixed time of the final normal login in the case of a failure of connecting to the directory server. Moreover, the MFPs can be used up the maximum number of prints at the time of the final normal login within the fixed time of the final normal login in the case of a failure of connecting to the directory server. In addition, the MFPs can be used to the extent not exceeding the maximum number of prints stored in the device in the case of a failure of connecting to the directory server.

[0192] In addition, the MFPs can be used up the maximum number of prints at the time of the final normal login in the case of a failure of connecting to the directory server. Moreover, the MFPs can be used to the extent not exceeding the maximum number of prints for each login in the case of a failure of connecting to the directory server. In addition, it is possible to prohibit the user from using the MFPs in order to perform correct user management in the case of a failure of connecting to the directory server. Furthermore, the MFPs can be used up the maximum number of prints to which the expected number of prints after normally connecting to the directory server is added. In addition, it is possible to issue the jobs to the MFPs.

[0193] Moreover, while the embodiments of the present invention were described above, the present invention is not limited to the configurations of these embodiments, but it is applicable to any configuration capable of accomplishing the functions according to the claims or the functions that the configurations of the embodiments have.

[0194] In addition, it is needless to say that the present invention is applicable to the cases where it can be accomplished by supplying the program to the system or the equipment by means of a record medium storing a program code of software for implementing the functions of the aforementioned embodiments. In this case, the program code read from the storage medium itself implements a new function of the present invention, so that the storage medium storing the program constitutes the present invention.

[0195] In the above embodiments, the program code shown in each flowchart is stored in the storage medium. As
for the storage medium for supplying the program code, for instance, a ROM, a floppy disk, a hard disk, an optical disk,
a magneto-optical disk, a CD-ROM, a CD-R, a DVD, a magnetic tape, a nonvolatile memory card and so on can be used.
[0196] According to the present invention, unified access control can be performed as to the job management in the
network environment. In addition, the unified access control can be performed as to the job management in the network
environment so that the performance will not deteriorate.

[0197] In addition, it can provide a general purpose peripheral equipment control system wherein the peripheral
equipment control software does not require the subject MFP to wait for the information on the corresponding directory
server type.

[0198] Moreover, the unified management of the user information is performed so that the same user information
can be used by a plurality of devices in the environment for using a plurality of devices connected to the network and
so on. In addition, it is possible to perform central management of the accumulated number of prints and the maximum
number of prints of the user in the environment for using a plurality of devices connected to the network and so on.
Furthermore, it is possible to temporarily use the MFPs in the case of a network failure.



Claims 

1. Peripheral equipment connected to a network and managed by a directory server on said network, comprising:

decrypting means for decrypting an access ticket of said peripheral equipment included in a job received from
an information processing apparatus on said network; and

control means for limiting execution of said job based on decryption results of said decrypting means.

2. The peripheral equipment according to claim 1, wherein said control means does not execute said job in the case
where it is determined by said decrypting means that said access ticket is not valid.

3. The peripheral equipment according to claim 1, wherein said control means obtains, from said directory server,
limit information on said job corresponding to the information decrypted by said decrypting means and limits
execution of said job based on the limit information.

4. The peripheral equipment according to claim 3, wherein said job is a print job, and said limit information is
information indicating the permitted number of prints.

5. Peripheral equipment connected to a network and managed by a directory server on said network, comprising:

receiving means for receiving a control command for a job from an information processing apparatus on said
network;

decrypting means for decrypting an access ticket of said peripheral equipment included in said control
command; and

control means for limiting execution of said control command based on decryption results of said decrypting
means.

6. The peripheral equipment according to claim 5, wherein said control means does not execute said control command
in the case where it is determined by said decrypting means that said access ticket is not valid.

7. The peripheral equipment according to claim 5, wherein, in the case where said control command is one for
displaying a list of jobs, said control means changes a display form of the list based on the decryption results of said
decrypting means.

8. The peripheral equipment according to claim 5, further comprising:

second decrypting means for decrypting the access ticket of said peripheral equipment included in the job,
and wherein:

in the case where said control command is one for deleting a specified job, said control means determines
whether or not the job can be deleted based on the decryption results of said decrypting means and the
decryption results of said second decrypting means.

9. Peripheral equipment connected to a network and managed by a directory server on said network, comprising:

obtaining means for logging in to said directory server based on information inputted from an operation panel
and obtaining an access ticket of said peripheral equipment corresponding to the inputted information from
said directory server;

inputting means for, after obtaining said access ticket, inputting a control command for the job from said
operation panel;

decrypting means for decrypting said access ticket; and

control means for limiting execution of said control command based on decryption results of said decrypting
means.

10. The peripheral equipment according to claim 9, wherein said control means does not execute said control command
in the case where it is determined by said decrypting means that said access ticket is not valid.

11. The peripheral equipment according to claim 9, wherein, in the case where said control command is one for
displaying a list of jobs, said control means changes a display form of the list based on the decryption results of said
decrypting means.

12. The peripheral equipment according to claim 9, further comprising:

second decrypting means for decrypting the access ticket of said peripheral equipment included in the job,
and wherein:

in the case where said control command is one for deleting a specified job, said control means determines
whether or not the job can be deleted based on the decryption results of said decrypting means and the
decryption results of said second decrypting means.

13. A copier connected to a network and managed by a directory server on said network, comprising:

operating means for inputting user information in order to log in to said directory server and directing a copy
job to start;

obtaining means for logging in to said directory server and then obtaining management information
corresponding to said user information from said directory server; and

control means for limiting execution of said copy job based on said management information.

14. The copier according to claim 13, wherein, on logging in from a client computer on said network to said directory
server, said user information is inputted to said client computer.

15. The copier according to claim 13, wherein said management information includes the permitted number of prints.

16. The copier according to claim 13, wherein said management information includes the accumulated number of
prints.

17. The copier according to claim 13, further comprising:

renewing means for renewing management information managed by said directory server corresponding to
said user information according to execution results of said copy job.

18. A directory server for managing network users and resources on a network, comprising:

managing means for managing management information on the number of copies for each network user;

control means for sending to said copier said management information corresponding to user information
obtained on logging in according to a login from the copier connected to said network.

19. The directory server according to claim 18, further comprising:

renewing means for renewing the management information on each network user according to information
from said copier.

20. A control method of peripheral equipment connected to a network and managed by a directory server on said
network, comprising:

a decrypting step for decrypting an access ticket of said peripheral equipment included in a job received from
an information processing apparatus on said network; and

a control step for limiting execution of said job based on decryption results of said decrypting step.

21. The control method of peripheral equipment according to claim 20, wherein said control step does not execute
said job in the case where it is determined by said decrypting step that said access ticket is not valid.

22. The control method of peripheral equipment according to claim 20, wherein said control step obtains, from said
directory server, limit information on said job corresponding to the information decrypted by said decrypting step
and limits execution of said job based on the limit information.

23. The control method of the peripheral equipment according to claim 22, wherein said job is a print job and said limit
information is information indicating the permitted number of prints.

24. A control method of peripheral equipment connected to a network and managed by a directory server on said
network, comprising:

a receiving step for receiving a control command for a job from an information processing apparatus on said
network;

a decrypting step for decrypting an access ticket of said peripheral equipment included in said control
command; and

a control step for limiting execution of said control command based on decryption results of said decrypting
step.

25. The control method of the peripheral equipment according to claim 24, wherein said control step does not execute
said control command in the case where it is determined by said decrypting step that said access ticket is not valid.

26. The control method of the peripheral equipment according to claim 24, wherein, in the case where said control
command is one for displaying a list of jobs, said control step changes a display form of the list based on the
decryption results of said decrypting step.

27. The control method of the peripheral equipment according to claim 24, further comprising:

second decrypting step for decrypting the access ticket of said peripheral equipment included in the job, and
wherein:

in the case where said control command is one for deleting a specified job, said control step determines
whether or not the job can be deleted based on the decryption results of said decrypting step and the
decryption results of said second decrypting step.

28. A control method of peripheral equipment connected to a network and managed by a directory server on said
network, comprising:

an obtaining step for logging in to said directory server based on information inputted from an operation panel
and obtaining an access ticket of said peripheral equipment corresponding to the inputted information from
said directory server;

an inputting step for, after obtaining said access ticket, inputting a control command for the job from said
operation panel;

a decrypting step for decrypting said access ticket; and

a control step for limiting execution of said control command based on decryption results of said decrypting
step.
29. The control method of the peripheral equipment according to claim 28, wherein said control step does not execute
said control command in the case where it is determined by said decrypting step that said access ticket is not valid.

30. The control method of the peripheral equipment according to claim 28, wherein, in the case where said control
command is one for displaying a list of jobs, said control step changes a display form of the list based on the
decryption results of said decrypting step.

31. The control method of the peripheral equipment according to claim 28, further comprising:

a second decrypting step for decrypting the access ticket of said peripheral equipment included in the job, and
wherein:

in the case where said control command is one for deleting a specified job, said control step determines
whether or not the job can be deleted based on the decryption results of said decrypting step and the
decryption results of said second decrypting step.

32. A control method of a copier connected to a network and managed by a directory server on said network,
comprising:

an operating step for inputting user information in order to log in to said directory server and directing a copy
job to start;

an obtaining step for logging in to said directory server and then obtaining management information
corresponding to said user information from said directory server; and

a control step for limiting execution of said copy job based on said management information.

33. The control method of the copier according to claim 32, wherein, on logging in from a client computer on said
network to said directory server, said user information is inputted to said client computer.

34. The control method of the copier according to claim 32, wherein said management information includes the
permitted number of prints.

35. The control method of the copier according to claim 32, wherein said management information includes the
accumulated number of prints.

36. The control method of the copier according to claim 32, further comprising:

renewing step for renewing management information managed by said directory server corresponding to said
user information according to execution results of said copy job.

37. A computer program executed on a computer of peripheral equipment connected to a network and managed by
a directory server on said network, comprising:

a decrypting step for decrypting an access ticket of said peripheral equipment included in a job received from
an information processing apparatus on said network; and

a control step for limiting execution of said job based on decryption results of said decrypting step.

38. A computer-readable storage medium storing a computer program according to claim 37. 

39. A computer program executed on a computer of peripheral equipment connected to a network and managed by
a directory server on said network, comprising:

a receiving step for receiving a control command for a job from an information processing apparatus on said
network;

a decrypting step for decrypting an access ticket of said peripheral equipment included in said control
command; and

a control step for limiting execution of said control command based on decryption results of said decrypting
step.

40. A computer-readable storage medium storing a computer program according to claim 39.

41. A computer program executed on a computer of peripheral equipment connected to a network and managed by
a directory server on said network, comprising:

an obtaining step for logging in to said directory server based on information inputted from an operation panel
and obtaining an access ticket of said peripheral equipment corresponding to the inputted information from
said directory server;

an inputting step for, after obtaining said access ticket, inputting a control command for the job from said
operation panel;

a decrypting step for decrypting said access ticket; and

a control step for limiting execution of said control command based on decryption results of said decrypting
step.

42. A computer-readable storage medium storing a computer program according to claim 41.

43. A computer program executed on a computer of a copier connected to a network and managed by a directory
server on said network, comprising:

an operating step for inputting user information in order to log in to said directory server and directing a copy
job to start;

an obtaining step for logging in to said directory server and then obtaining management information
corresponding to said user information from said directory server; and

a control step for limiting execution of said copy job based on said management information.

44. A computer-readable storage medium storing a computer program according to claim 43. 